US Senator Ron Wyden has accused Apple and Google of enabling government surveillance through push notifications. This has raised concerns about privacy and the need for transparency in data requests.
Description
Senator Wyden has called on the Department of Justice to repeal or modify policies that hinder public discussions on push notification spying [1] [5]. Apple and Google have been unable to share information about these requests due to a gag order from the federal government [4]. However, Apple has recently updated its law enforcement guidelines to provide transparency regarding push notification data requests, and Google has committed to keeping users informed about these requests [4] [6].
Wyden received a tip that both foreign and US government agencies have been requesting metadata related to push notifications [1] [5]. The foreign governments involved were described as democracies allied to the US [5]. Push notifications have attracted attention due to the difficulty of deploying them without sending data to Google or Apple [5].
Apple and Google should be transparent about the legal demands they receive and be allowed to reveal whether they have been compelled to facilitate surveillance [3]. Wyden is calling for even more transparency, urging companies to reveal if they have been compelled to facilitate surveillance practices and to notify specific customers about demands for their data [8].
The companies may also receive encrypted content in certain instances [3]. Apple and Google have been asked for metadata from push notifications [3], including information that links app users to specific accounts [3]. The federal government has prevented Apple from sharing any information on the matter [3], but the company plans to include push notification requests in its transparency report [3].
Google supports Wyden’s call for transparency and has already published a transparency report on government requests for user data [3]. A search warrant in a criminal theft case demonstrates how push notifications can be used to obtain information about a person [3]. The warrant explains that when a user installs an app [3], the app directs their phone to obtain a push token [3], which is a unique identifier that allows Google to locate the device [3].
Another court case has also obtained push notification records using similar language [3]. The Department of Justice has declined to comment on the matter [4]. Apple and Google have been using push notifications to gather information about criminal suspects [2], including US Capitol rioters [2]. When users enable push notifications [2], Apple and Google create a token that links their device to their account information [2]. These tokens can reveal details about a person’s communication history and the content of messages [2].
The federal government has been demanding these tokens from Apple and Google [2], prompting Apple to update its transparency reports to include information about these requests [2]. Google publishes transparency reports sharing the number and types of government requests for user data it receives [2]. The Justice Department has declined to comment on the matter [2] [4].
The companies have been restricted from discussing this surveillance practice by the government [2]. Senator Wyden has called for transparency and for the companies to be allowed to disclose the legal demands they receive [2]. Government investigators routinely request user data from tech companies through subpoenas [2], search warrants [2] [3], and court orders [2].
Google received 192,000 requests for data related to over 400,000 accounts worldwide in the second half of last year [2]. The United States cited the Foreign Intelligence Surveillance Act in seeking up to 500 requests for non-content information [2], including push notification data [2] [3] [4] [6] [7] [8]. Google requires a court order for such requests [2].
Apple advises developers to not include sensitive data in notifications and to encrypt any data before adding it to a notification payload [1]. However, metadata such as which apps are sending notifications and how often is not encrypted [1], potentially allowing anyone with access to the information to gain insight into users’ app usage [1].
Governments around the world have been spying on iPhone users through push notifications [7], according to Apple [1] [4] [5] [7] [8]. The company was prohibited from sharing this information until it became public [7]. Apple has updated its Legal Process Guidelines to acknowledge that push notification data can be requested by government and law enforcement agencies [7].
Foreign governments have been demanding this data from Apple and Google to track smartphone users [7], but the companies were unable to disclose this due to US government restrictions [7]. However, a restriction was recently removed [7], allowing Apple to include this data in its transparency report [7].
Apple releases transparency reports twice a year [7], detailing government requests for customer data [2] [3] [7] [9]. The next report will cover the second half of 2022 [7]. Apple and Google are changing their policies regarding push notification data requests transparency [6]. Both companies are updating their transparency reporting to provide more details about these requests [6]. Both Apple and Google are committed to keeping users informed about these requests [4] [6].
Conclusion
The accusations against Apple and Google regarding push notification surveillance highlight the need for transparency and accountability in data requests. The companies have taken steps to address these concerns by updating their transparency reports and providing more information to users.
However, the issue of government surveillance and the potential invasion of privacy through push notifications remains a significant concern. It is crucial for companies to be allowed to disclose the legal demands they receive and for users to be notified about requests for their data.
Moving forward, it is important for governments and tech companies to strike a balance between national security and individual privacy rights. The ongoing debate surrounding push notification surveillance will likely shape future policies and regulations in the digital landscape.
References
[1] https://www.macrumors.com/2023/12/06/apple-governments-surveil-push-notifications/
[2] https://www.washingtonpost.com/technology/2023/12/06/push-notifications-surveillance-apple-google/
[3] https://techcrunch.com/2023/12/06/us-senator-warns-governments-spying-apple-google-smartphone-users-via-push-notifications/
[4] https://www.tomsguide.com/news/apple-and-google-confirm-governments-could-be-spying-on-your-push-notifications-what-you-need-to-know
[5] https://www.aol.com/news/governments-spying-apple-google-users-111228313.html
[6] https://mashable.com/article/google-apple-push-notifications-government-spy
[7] https://9to5mac.com/2023/12/07/apple-updates-legal-process-documents-to-acknowledge-push-notification-data-requests/
[8] https://arstechnica.com/tech-policy/2023/12/apple-admits-to-secretly-giving-governments-push-notification-data/
[9] https://www.techradar.com/pro/push-notifications-could-be-used-to-snoop-on-google-and-apple-users-us-senator-warns
